Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa807b99 by Moritz Muehlenhoff at 2024-09-12T10:18:30+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -229,7 +229,7 @@ CVE-2024-7716 (The Logo Slider  WordPress plugin before 
3.6.9 does not sanitise
 CVE-2024-7626 (The WP Delicious \u2013 Recipe Plugin for Food Bloggers 
(formerly Deli ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-45597 (Pluto is a superset of Lua 5.4 with a focus on general-purpose 
program ...)
-       TODO: check
+       NOT-FOR-US: Pluto
 CVE-2024-44107 (DLL hijacking in the management console of Ivanti Workspace 
Control ve ...)
        NOT-FOR-US: Ivanti
 CVE-2024-44106 (Insufficient server-side controls in the management console of 
Ivanti  ...)
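
Review bot: the tag on CVE-2024-45597 is the bare name "Pluto", which does not tell the reader which Pluto is meant. The description identifies it as a superset of Lua 5.4, so a tag such as "NOT-FOR-US: Pluto (Lua dialect)" would make the NFU decision checkable without opening the CVE record.
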
@@ -243,35 +243,35 @@ CVE-2024-44103 (DLL hijacking in the management console 
of Ivanti Workspace Cont
 CVE-2024-43690 (Inclusion of Functionality from Untrusted Control 
Sphere(CWE-829) in t ...)
        NOT-FOR-US: Gallagher
 CVE-2024-40662 (In scheme of Uri.java, there is a possible way to craft a 
malformed Ur ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-40659 (In getRegistration of RemoteProvisioningService.java, there is 
a possi ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-40658 (In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a 
possible  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-40657 (In addPreferencesForType of AccountTypePreferenceLoader.java, 
there is ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-40656 (In handleCreateConferenceComplete of 
ConnectionServiceWrapper.java, th ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-40655 (In bindAndGetCallIdentification of 
CallScreeningServiceHelper.java, th ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-40654 (In multiple locations, there is a possible permission bypass 
due to a  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-40652 (In onCreate of SettingsHomepageActivity.java, there is a 
possible way  ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-40650 (In wifi_item_edit_content of styles.xml , there is a possible 
FRP bypa ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-3899 (The Gallery Plugin for WordPress  WordPress plugin before 
1.8.15 does  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-39808 (Incorrect Calculation of Buffer Size (CWE-131) in the 
Controller 6000  ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2024-31336 (Imagination PowerVR-GPU in Android before 2024-09-05 has a 
High Severi ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-24972 (Buffer Copy without Checking Size of Input (CWE-120) in the 
Controller ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2024-23906 (Improper Neutralization of Input During Web Page Generation 
(CWE-79) i ...)
-       TODO: check
+       NOT-FOR-US: Gallagher
 CVE-2024-23716 (In DevmemIntPFNotify of devicemem_server.c, there is a 
possible use-af ...)
-       TODO: check
+       NOT-FOR-US: Android
 CVE-2024-21529 (Versions of the package dset before 3.1.4 are vulnerable to 
Prototype  ...)
        NOT-FOR-US: Node dset
 CVE-2024-1656 (Affected versions of Octopus Server had a weak content security 
policy ...)
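
Review bot: CVE-2024-31336 is tagged "NOT-FOR-US: Android", but its description names the Imagination PowerVR-GPU as the affected component, so the tag records the platform rather than the code that has the bug. CVE-2024-23716 (DevmemIntPFNotify in devicemem_server.c) gets the same tag although it is a native C file, and the truncated description does not show which component it belongs to. Please confirm that neither component is shipped in a Debian source package and name the component in the tag, so the entries can be found again if that ever changes.
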
@@ -323,7 +323,7 @@ CVE-2024-8503 (An unauthenticated attacker can leverage a 
time-based SQL injecti
 CVE-2024-8369 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8258 (Improper Control of Generation of Code ('Code Injection') in 
Electron  ...)
-       TODO: check
+       NOT-FOR-US: Logitech
 CVE-2024-8241 (The Nova Blocks by Pixelgrade plugin for WordPress is 
vulnerable to St ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-8232 (SpiderControl SCADA Web Server has a vulnerability that could 
allow an ...)
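
Review bot: on CVE-2024-8258 the truncated description ends at "Electron" while the tag says only "Logitech", so at a glance the entry reads as if it concerned Electron itself. Naming the affected Logitech product in the tag, rather than the vendor alone, would make it clear why this one is NFU.
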
@@ -360,7 +360,7 @@ CVE-2024-45590 (body-parser is Node.js body parsing 
middleware. body-parser <1.2
        NOTE: 
https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7
        NOTE: 
https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce
 (1.20.3)
 CVE-2024-45412 (Yeti bridges the gap between CTI and DFIR practitioners by 
providing a ...)
-       TODO: check
+       NOT-FOR-US: Yeti
 CVE-2024-45409 (The Ruby SAML library is for implementing the client side of a 
SAML au ...)
        TODO: check
 CVE-2024-45407 (Sunshine is a self-hosted game stream host for Moonlight. 
Clients that ...)
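
Review bot: CVE-2024-45409 (the Ruby SAML library) is still at "TODO: check" in the context directly below the Yeti change, so this pass leaves it untriaged. Unlike the vendor products tagged in this commit, it is a library, so it should be checked against the archive for a matching source package before it gets either an NFU tag or a package entry.
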
@@ -620,67 +620,67 @@ CVE-2024-37337 (Microsoft SQL Server Native Scoring 
Information Disclosure Vulne
 CVE-2024-37335 (Microsoft SQL Server Native Scoring Remote Code Execution 
Vulnerabilit ...)
        NOT-FOR-US: Microsoft
 CVE-2024-36511 (An improperly implemented security check for standard 
vulnerability [C ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-35783 (A vulnerability has been identified in SIMATIC BATCH V9.1 (All 
version ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-35282 (A cleartext storage of sensitive information in memory 
vulnerability [ ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-34831 (cross-site scripting (XSS) vulnerability in Gibbon Core 
v26.0.00 allow ...)
-       TODO: check
+       NOT-FOR-US: Gibbon Core
 CVE-2024-33698 (A vulnerability has been identified in SIMATIC Information 
Server 2022 ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-33508 (An improper neutralization of special elements used in a 
command('Comm ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-32006 (A vulnerability has been identified in SINEMA Remote Connect 
Client (A ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2024-31960 (An issue was discovered in Samsung Mobile Processor Exynos 
1480, Exyno ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-31490 (An exposure of sensitive information to an unauthorized actor 
in Forti ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-31489 (AAn improper certificate validation vulnerability [CWE-295] in 
FortiCl ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-30073 (Windows Security Zone Mapping Security Feature Bypass 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-27257 (IBM OpenPages 8.3 and 9.0 potentially exposes information 
about client ...)
        NOT-FOR-US: IBM
 CVE-2024-26191 (Microsoft SQL Server Native Scoring Remote Code Execution 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-26186 (Microsoft SQL Server Native Scoring Remote Code Execution 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2024-25074 (An issue was discovered in Samsung Semiconductor Mobile 
Processor, Aut ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-25073 (An issue was discovered in Samsung Semiconductor Mobile 
Processor, Aut ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2024-21753 (A improper limitation of a pathname to a restricted directory 
('path t ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2024-21416 (Windows TCP/IP Remote Code Execution Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2023-6841 (A denial of service vulnerability was found in keycloak where 
the amou ...)
        NOT-FOR-US: Keycloak
 CVE-2023-49069 (A vulnerability has been identified in Mendix Runtime V10 (All 
version ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2023-44254 (An authorization bypass through user-controlled key[CWE-639] 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2023-37234 (Loftware Spectrum through 4.6 has unprotected JMX Registry.)
-       TODO: check
+       NOT-FOR-US: Loftware
 CVE-2023-37233 (Loftware Spectrum before 4.6 HF14 allows authenticated XXE 
attacks.)
-       TODO: check
+       NOT-FOR-US: Loftware
 CVE-2023-37232 (Loftware Spectrum through 4.6 exposes Sensitive Information 
(Logs) to  ...)
-       TODO: check
+       NOT-FOR-US: Loftware
 CVE-2023-37231 (Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.)
-       TODO: check
+       NOT-FOR-US: Loftware
 CVE-2023-37230 (Loftware Spectrum (testDeviceConnection) before 5.1 allows 
SSRF.)
-       TODO: check
+       NOT-FOR-US: Loftware
 CVE-2023-37229 (Loftware Spectrum before 5.1 allows SSRF.)
-       TODO: check
+       NOT-FOR-US: Loftware
 CVE-2023-37227 (Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.)
-       TODO: check
+       NOT-FOR-US: Loftware
 CVE-2023-37226 (Loftware Spectrum before 4.6 HF14 has Missing Authentication 
for a Cri ...)
-       TODO: check
+       NOT-FOR-US: Loftware
 CVE-2023-36103 (Command Injection vulnerability in goform/SetIPTVCfg interface 
of Tend ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2023-2919 (The Tutor LMS plugin for WordPress is vulnerable to Cross-Site 
Request ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2024-8611 (A vulnerability classified as critical was found in 
itsourcecode Tailo ...)
        NOT-FOR-US: itsourcecode Tailoring Management System
 CVE-2024-8610 (A vulnerability classified as problematic has been found in 
SourceCode ...)
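
Review bot: CVE-2023-49069 is tagged "NOT-FOR-US: Siemens" while its description names Mendix Runtime V10, so the tag does not carry the product name the description uses. The other product-specific entries in this hunk (Loftware, Tenda, Gibbon Core) are tagged by product; "NOT-FOR-US: Siemens Mendix" would keep this one consistent with them and searchable by product. Separately, 39 entries go from TODO to NFU under the one-word message "NFUs"; a short note in the message on how the vendor batches (Fortinet, Siemens, Microsoft, Samsung, Loftware) were checked would help later audits.
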



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fa807b992cd77840e6ceb09031f334260fa58e48
